Hello,

I've recently set up a RB951G-2hnd (6.13) all working fine but when I try to connect my remote desktop to a external server gives me an timeout.

In connections i see TCP-STATE when try yo connect >> syn sent

What rule I need to allow outgoing connections by rdp

thanks

you can see google.com?

If yes you must contact server administrator because probably your ip are not allowed to connect to that server.

I´m the sysadmin.

Everything works fine (NAV,POP,SMTP..) except RDP connection to external public ip.

I've created a rule for incoming RDP conections [External to local IP ] and it work

If all function, the cause can be the server or other devices between

I´m the sysadmin.

Everything works fine (NAV,POP,SMTP..) except RDP connection to external public ip.

I've created a rule for incoming RDP conections [External to local IP ] and it work

Tesl4, I'd recommend checking your RDP dst-nat rule again and making sure that you've specified the Incoming Interface and that it's set to your gateway interface.

craig

when I try to connect:



the rule is:

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=3389\
in-interface=pppoe-out1 protocol=tcp to-addresses=172.16.2.253 \
to-ports=3389

dont work and i want all of my net can connect to externet RDP.

Regards.

Just to clarify, you can make inbound RDP connections successfully. Your issue now is that you cannot make outbound RDP connections, is that correct? Is it only one device that you're unable to connect to, or all RDP connections regardless of destination?

If that's correct, can you run an export and remove any passwords and other sensitive info?

craig

Hi Craig

inbound RDP connections works fine

outbound RDP connections not work to all RDP connections regardless of destination

You don't happen to control the PPPoE server do you?

If you run torch on your pppoe-out1 interface, do you see the outgoing RDP request?

If you do, then it's time to call your ISP and ask if they have a default rule to block outgoing RDP traffic from subscribers. It would be the first time I've heard of and ISP blocking RDP by default but 25,137-139,445, and 1433 are not uncommon.

I'm a WISP and I block on all incoming new connection this on udp/tcp:

111,135,137,138,139,445,8291

And we not remove it, neither on request.

We also block incoming

TCP: 20,21,22,23,53,80,443,8728,8729,1700,1812,1813,3799,2210,2211
UDP: 53,67,68,69,123,161,1700,1812,1813,3799,2210,2211

But for those ports, after explicit user request, can be opened.


Also incoming 5060-5067 are blocked on UDP and TCP, if the request not come from one well known sip / voip provider (or by end user request).

But about 3389, is not logic to block that port.

Hi Craig

inbound RDP connections works fine

outbound RDP connections not work to all RDP connections regardless of destination

Same problem: it happens if you set up a 3389 ingoing NAT. The solution is specify, for that rule, the interface that receive the ingoing rdp request.




I don't know why, but without this trick outgoing rdp connections doesn't work.

Let me know, Simone.